[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcDzceelkhG81UFMVJcLh6evJg1BvoRYZYypl7blP1pk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":127,"fingerprints":485},"social-medias-connect","Social Medias Connect","2.0.16","qiqiboy","https:\u002F\u002Fprofiles.wordpress.org\u002Fqiqiboy\u002F","\u003Cp>Supports binding Weibo accounts to existing site accounts.\u003C\u002Fp>\n\u003Cp>Provides connected login between WordPress and other social media sites, plus article syncing and comment syncing and forwarding.\u003C\u002Fp>\n\u003Cp>Supports about 20 third-party sites, including Github, Google, Yahoo, Facebook, Twitter, Renren, Sina Weibo, Tencent Weibo, Sohu Weibo, NetEase Weibo, Tianya Weibo, Douban and Fanfou, for account login, article syncing, and comments\u003C\u002Fp>\n\u003Cp>Preview: \u003Ca href=\"http:\u002F\u002Fwww.qiqiboy.com\u002Fproducts\u002Fplugins\u002Fsocial-medias-connect#respond\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.qiqiboy.com\u002Fproducts\u002Fplugins\u002Fsocial-medias-connect#respond\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Follow me on Sina Weibo: \u003Ca href=\"http:\u002F\u002Fweibo.com\u002Fqiqiboy\" rel=\"nofollow ugc\">@qiqiboy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>V2.0 features\u003Cbr \u002F>\nThe previous code has been completely rewritten, and the plugin is more stable!\u003C\u002Fp>\n","Provides account binding and connected login between WordPress and other social media sites, plus article syncing and comment syncing and forwarding.",10,28465,56,4,"2014-07-15T12:02:00.000Z","3.9.40","3.1","",[20,21,22,23,24],"comment","facebook","github","sidebar","twitter","http:\u002F\u002Fwww.qiqiboy.com\u002Fplugins\u002Fsocial-medias-connect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-medias-connect.2.0.16.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":33,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},40,30,84,"2026-04-05T10:31:21.574Z",[38,59,79,96,112],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":57,"download_link":58,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"mention-comments-authors","Mention comment's Authors by Wabeo","0.9.8","Willy Bahuaud","https:\u002F\u002Fprofiles.wordpress.org\u002Fwillybahuaud\u002F","\u003Cp>“Mention comment’s authors” is a plugin that improves the WordPress comments fonctionality, adding a response system between authors.\u003Cbr \u002F>\nWhen adding a comment, your readers can directly mentioning the author of another comment, like facebook or twitter do,using the “@” symbol.\u003C\u002Fp>\n\u003Cp>This mention plugin add two features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>In the comments field, when an user entered the “@” symbol, it allows, through an autocompletion system, to quote (or poke) a preceding commentator.\u003C\u002Fli>\n\u003Cli>Once comments validated, the mentioned names take the appearance of buttons. When the user clicks on it, window scrolls to the preceding comment from the person named. 
A class is added to it, for temporarily customize it in CSS.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This WordPress plugin is based on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftactivos\u002Fjquery-sew\" rel=\"nofollow ugc\">“jquery-sew” jQuery plugin\u003C\u002Fa>, by \u003Ca href=\"https:\u002F\u002Fmural.ly\u002F\" rel=\"nofollow ugc\">mural.ly\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can find more information on this post : \u003Ca href=\"http:\u002F\u002Fwabeo.fr\u002Fblog\u002Fsysteme-reponse-commentaires\u002F\" rel=\"nofollow ugc\">wabeo : Un système de réponse dans les commentaires\u003C\u002Fa>\u003C\u002Fp>\n","When adding a comment, your users can directly mentioning the author of another comment, like facebook or twitter do,using the \"@\" symbol.",80,8753,90,12,"2016-05-30T14:57:00.000Z","4.5.33","3.5",[54,21,55,56,24],"comments","mention","poke","http:\u002F\u002Fwabeo.fr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmention-comments-authors.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":68,"num_ratings":11,"last_updated":18,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":75,"download_link":76,"security_score":77,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":78},"fb-viral-downloader","Social Viral Downloader","2.0.3","DualCube","https:\u002F\u002Fprofiles.wordpress.org\u002Fdualcube\u002F","\u003Cp>This plugin is a very powerful viral marketing tool. Once installed, this plugin prompts the user to share a msg in her Facebok\u002FTwitter\u002FGoogle before downloading any file from your site. The admin can edit the msg. from the setting pane. Additionally, the admin can now keep a track of the number of downloads, and hence shares, his files are getting. 
It is a simple yet powerful mechanism to gain widespread popularity throughsocial sites\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>The Social Viral Downloader plugin create posts for your WordPress websites where you can add a downloadable file link. You may also add a description along with a title for the Facebook post which will be shared when a viewer wants to download the file from your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Gain widespread popularity with minimal efforts!\u003C\u002Fli>\n\u003Cli>Added new sharing options Google+ & Twitter.\u003C\u002Fli>\n\u003Cli>Admin have opportunity to select which sharing method will apper on front end.\u003C\u002Fli>\n\u003Cli>Added two download options ‘Redirect’ & ‘Featured’.\u003C\u002Fli>\n\u003Cli>Added different Settings panel for settings.\u003C\u002Fli>\n\u003Cli>Very minimal coding with maximum portability.\u003C\u002Fli>\n\u003Cli>All share count will be shown including individual sharing count.\u003C\u002Fli>\n\u003Cli>Total download count can be found in post page.\u003C\u002Fli>\n\u003Cli>Ability to add new shortcode from page itself.\u003C\u002Fli>\n\u003Cli>Each and every download and share counts.\u003C\u002Fli>\n\u003Cli>Add downloadable file to posts through shortcodes.\u003C\u002Fli>\n\u003Cli>Share files of any format you want.\u003C\u002Fli>\n\u003Cli>Simple and easy to use.\u003C\u002Fli>\n\u003Cli>Add shortcodes on the go from WP-Editor itself.\u003C\u002Fli>\n\u003Cli>Customize each download links by filter and styling.\u003C\u002Fli>\n\u003Cli>Block IP Address and Agents.\u003C\u002Fli>\n\u003Cli>All download logs with all details are stored.\u003C\u002Fli>\n\u003Cli>All Download logs will be there in table format.\u003C\u002Fli>\n\u003Cli>Ability to export download logs In CSV.\u003C\u002Fli>\n\u003Cli>Ability to search intended data In download logs.\u003C\u002Fli>\n\u003Cli>Ability to add categories and tags to posts.\u003C\u002Fli>\n\u003Cli>New graphical 
look.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The plugin is fully compatible with the recent versions of WordPress.\u003C\u002Fli>\n\u003Cli>Compatible with older WordPress versions, down to 3.0.\u003C\u002Fli>\n\u003Cli>Multilingual Support is included with the plugin and is fully compatible with WPML.\u003C\u002Fli>\n\u003Cli>Support added for common importers like WordPress Importer and WP All Import\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Configurable\u003C\u002Fh4>\n\u003Cp>Social Viral Downloader is completely customizable. You may change settings as you want. And You also can block IP, Agents As your requirement.\u003C\u002Fp>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>All we want is some love. If you did not like this plugin or if it is buggy, please give us a shout and we will be happy to fix the issue\u002Fadd the feature. If you indeed liked it, please leave a 5\u002F5 rating.\u003Cbr \u002F>\nIn case you feel compelled to rate this plugin less than 5 stars – please do mention the reason and we will add or change options and fix bugs. It’s very unpleasant to see silent low rates. 
For more information and instructions on this plugin please visit www.dualcube.com.\u003C\u002Fp>\n","This is a \"Share to Download\" plugin, and works for Facebook, Google+ and Twitter.",14669,92,"4.3.34","3.0",[72,21,73,74,24],"comment-to-download","google","share-to-download","http:\u002F\u002Ftechmonastic.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffb-viral-downloader.2.0.3.zip",100,"2026-03-15T10:48:56.248Z",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":11,"downloaded":87,"rating":77,"num_ratings":14,"last_updated":88,"tested_up_to":89,"requires_at_least":52,"requires_php":18,"tags":90,"homepage":93,"download_link":94,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":95},"sharepulse","SharePulse","3.2","Jack Reichert","https:\u002F\u002Fprofiles.wordpress.org\u002Fjackreichert\u002F","\u003Cp>Relying on hit counts simply does not reflect the impact of your posts. SharePulse finds and ranks your site’s posts that have the greatest \u003Cem>social\u003C\u002Fem> impact. The stats are gathered by getting the Twitter share count, Facebook share count, LinkedIn share count as well as your own site’s most commented posts measuring actual engagement. SharePulse lets you display these posts in your site’s sidebar showing off your posts which have had the greatest social impact over the past day, week, month year or for all time. Each post is displayed with the total number of tweets, shares and comments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This is the alpha for the plugin relaunch. Feedback is crucial, so please don’t hesitate. We have a feature roadmap and \u003Ca href=\"http:\u002F\u002Fsharepulse.net\u002Fcontact\u002F\" rel=\"nofollow ugc\">we want your input\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The Facebook api has been tightened, it may not update each time. 
I’m working on a fix.\u003C\u002Fp>\n\u003Ch3>Settings\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Widget title\u003C\u002Fstrong> SharePulse allows you to customize the widget title\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Date range:\u003C\u002Fstrong> You can choose to display the stats from the past day, month, week, year or all time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Number of posts to display:\u003C\u002Fstrong> You can choose the number of posts to display in the widget. You can preview each option’s stat count from “SharePulse > SharePulse” in the admin menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Allow linkback at bottom of widget:\u003C\u002Fstrong> We did not ask for payment to develop this widget yet we are sharing it freely, if you like it please show your appreciating by allowing the linkback.\u003C\u002Fp>\n","SharePulse ranks in a widget your site's posts which have had the greatest share count, using Twitter, LinkedIn, Facebook and your comments.",15154,"2015-11-19T02:00:00.000Z","4.4.34",[54,21,91,92,24],"linkedin","statistics","http:\u002F\u002Fsharepulse.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsharepulse.zip","2026-03-15T14:54:45.397Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":28,"num_ratings":28,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":110,"download_link":111,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"social-sidebar","Social Sidebar","5.5","thomasdavis","https:\u002F\u002Fprofiles.wordpress.org\u002Fthomasdavis\u002F","\u003Cp>Update: If you had trouble installing the plugin, please download the plugin zip from \u003Ca href=\"http:\u002F\u002Fthomasalwyndavis.com\u002F2010\u002F09\u002Fsocialsidebar-wordpress-plugin\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The plugin is 
custimizable and lets you change the icons if you have fancier ones.\u003C\u002Fp>\n\u003Cp>For a more details and a screenshot view the site below\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fthomasalwyndavis.com\u002F2010\u002F09\u002Fsocialsidebar-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Plugin Site\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>An example of the plugin is on the right hand side of the page.\u003C\u002Fp>\n","A popout menu for your website, simple to install and setup, shows social networking icons in a un-obtrusive way.",11291,"2011-02-01T15:25:00.000Z","3.0.5","2.0.2",[21,91,23,109,24],"social","http:\u002F\u002Fthomasalwyndavis.com\u002F2010\u002F09\u002Fsocialsidebar-jquery-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-sidebar.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":11,"downloaded":120,"rating":28,"num_ratings":28,"last_updated":121,"tested_up_to":18,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":125,"download_link":126,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"socwidgit","SocWidgIt!","0.5.1","elCreator","https:\u002F\u002Fprofiles.wordpress.org\u002Felcreator\u002F","\u003Cp>With this plugin you can easy place some Social Like buttons to sidebar.\u003Cbr \u002F>\nCurrent release supports vk.com (vkontakte.ru) Like, Facebook Like, Twitter Like and Google Plus (+1)\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plug-in is not guaranteed. 
You can use this plug-in for free regardless of the purpose.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>admin@itcreati.com\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fitcreati.com\u003C\u002Fp>\n","With this plugin you can easy place some Social Like buttons to sidebar.",2388,"2011-12-03T22:57:00.000Z","2.8",[21,23,109,24,124],"widget","http:\u002F\u002Fwww.itcreati.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocwidgit.0.5.1.zip",{"attackSurface":128,"codeSignals":198,"taintFlows":361,"riskAssessment":471,"analyzedAt":484},{"hooks":129,"ajaxHandlers":194,"restRoutes":195,"shortcodes":196,"cronEvents":197,"entryPointCount":28,"unprotectedCount":28},[130,135,138,141,144,147,150,154,158,161,164,168,171,173,176,179,183,186,189],{"type":131,"name":132,"callback":132,"file":133,"line":134},"action","init","SMConnect.php",72,{"type":131,"name":136,"callback":136,"file":133,"line":137},"wp_head",73,{"type":131,"name":139,"callback":139,"file":133,"line":140},"admin_head",74,{"type":131,"name":142,"callback":142,"file":133,"line":143},"login_head",75,{"type":131,"name":145,"callback":145,"file":133,"line":146},"admin_menu",76,{"type":131,"name":148,"callback":148,"file":133,"line":149},"comment_post",77,{"type":151,"name":152,"callback":152,"priority":11,"file":133,"line":153},"filter","get_avatar",78,{"type":131,"name":155,"callback":156,"file":133,"line":157},"login_form","smc_print_weibo",79,{"type":131,"name":159,"callback":160,"file":133,"line":46},"add_meta_boxes","add_meta_box",{"type":131,"name":162,"callback":156,"file":133,"line":163},"register_form",81,{"type":131,"name":165,"callback":166,"file":133,"line":167},"login_form_login","login_redirect",82,{"type":131,"name":169,"callback":156,"file":133,"line":170},"lostpassword_form",83,{"type":131,"name":172,"callback":166,"file":133,"line":35},"login_form_register",{"type":131,"name":174,"callback":175,"file":133,"line":27},"admin_notices","admin_notice",{"type":131,"name":177,"callback
":166,"file":133,"line":178},"login_form_lostpassword",86,{"type":151,"name":180,"callback":181,"priority":11,"file":133,"line":182},"plugin_action_links","plugin_action_link",87,{"type":131,"name":184,"callback":156,"file":133,"line":185},"comment_form",142,{"type":131,"name":187,"callback":156,"file":133,"line":188},"comment_form_must_log_in_after",143,{"type":131,"name":190,"callback":191,"file":192,"line":193},"widgets_init","smc_sidebar_widget_init","widgets.php",45,[],[],[],[],{"dangerousFunctions":199,"sqlUsage":200,"outputEscaping":203,"fileOperations":359,"externalRequests":28,"nonceChecks":28,"capabilityChecks":359,"bundledLibraries":360},[],{"prepared":201,"raw":28,"locations":202},2,[],{"escaped":204,"rawEcho":27,"locations":205},19,[206,209,210,212,214,216,217,218,220,221,223,225,227,229,231,233,235,236,237,238,239,241,242,244,246,247,249,251,253,254,255,256,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,304,305,307,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,339,341,343,344,346,348,350,352,353,355,357],{"file":207,"line":201,"context":208},"bindoption.php","raw 
output",{"file":207,"line":14,"context":208},{"file":207,"line":211,"context":208},6,{"file":207,"line":213,"context":208},7,{"file":207,"line":215,"context":208},9,{"file":207,"line":34,"context":208},{"file":207,"line":153,"context":208},{"file":207,"line":219,"context":208},89,{"file":207,"line":48,"context":208},{"file":207,"line":222,"context":208},96,{"file":207,"line":224,"context":208},119,{"file":207,"line":226,"context":208},131,{"file":207,"line":228,"context":208},150,{"file":207,"line":230,"context":208},160,{"file":207,"line":232,"context":208},192,{"file":234,"line":201,"context":208},"bindweibo.php",{"file":234,"line":14,"context":208},{"file":234,"line":211,"context":208},{"file":234,"line":213,"context":208},{"file":234,"line":215,"context":208},{"file":234,"line":240,"context":208},26,{"file":234,"line":240,"context":208},{"file":234,"line":243,"context":208},38,{"file":234,"line":245,"context":208},39,{"file":234,"line":33,"context":208},{"file":234,"line":248,"context":208},41,{"file":234,"line":250,"context":208},42,{"file":252,"line":201,"context":208},"help.php",{"file":252,"line":14,"context":208},{"file":252,"line":211,"context":208},{"file":252,"line":213,"context":208},{"file":252,"line":215,"context":208},{"file":252,"line":258,"context":208},23,{"file":252,"line":260,"context":208},35,{"file":133,"line":262,"context":208},17,{"file":133,"line":264,"context":208},148,{"file":133,"line":266,"context":208},162,{"file":133,"line":268,"context":208},169,{"file":133,"line":270,"context":208},170,{"file":133,"line":272,"context":208},175,{"file":133,"line":274,"context":208},233,{"file":133,"line":276,"context":208},240,{"file":133,"line":278,"context":208},244,{"file":133,"line":280,"context":208},248,{"file":133,"line":282,"context":208},250,{"file":133,"line":284,"context":208},293,{"file":133,"line":286,"context":208},369,{"file":133,"line":288,"context":208},383,{"file":133,"line":290,"context":208},392,{"file":133,"line":292,"context":20
8},393,{"file":133,"line":294,"context":208},394,{"file":133,"line":296,"context":208},1824,{"file":133,"line":298,"context":208},1837,{"file":133,"line":300,"context":208},1861,{"file":302,"line":303,"context":208},"smctable.php",133,{"file":302,"line":303,"context":208},{"file":302,"line":306,"context":208},145,{"file":302,"line":264,"context":208},{"file":302,"line":309,"context":208},152,{"file":302,"line":311,"context":208},159,{"file":302,"line":313,"context":208},163,{"file":302,"line":315,"context":208},167,{"file":302,"line":317,"context":208},171,{"file":302,"line":319,"context":208},176,{"file":302,"line":321,"context":208},177,{"file":302,"line":323,"context":208},181,{"file":302,"line":325,"context":208},184,{"file":302,"line":327,"context":208},189,{"file":329,"line":193,"context":208},"uninstall.php",{"file":329,"line":331,"context":208},49,{"file":329,"line":333,"context":208},51,{"file":329,"line":335,"context":208},53,{"file":329,"line":337,"context":208},54,{"file":329,"line":13,"context":208},{"file":329,"line":340,"context":208},59,{"file":329,"line":342,"context":208},69,{"file":329,"line":157,"context":208},{"file":329,"line":345,"context":208},93,{"file":192,"line":347,"context":208},13,{"file":192,"line":349,"context":208},14,{"file":192,"line":351,"context":208},15,{"file":192,"line":34,"context":208},{"file":192,"line":354,"context":208},31,{"file":192,"line":356,"context":208},32,{"file":192,"line":358,"context":208},37,1,[],[362,380,392,402,413],{"entryPoint":363,"graph":364,"unsanitizedCount":359,"severity":379},"admin_quest_action (SMConnect.php:332)",{"nodes":365,"edges":376},[366,371],{"id":367,"type":368,"label":369,"file":133,"line":370},"n0","source","$_GET",368,{"id":372,"type":373,"label":374,"file":133,"line":286,"wp_function":375},"n1","sink","echo() [XSS]","echo",[377],{"from":367,"to":372,"sanitized":378},false,"medium",{"entryPoint":381,"graph":382,"unsanitizedCount":359,"severity":379},"login_redirect 
(SMConnect.php:543)",{"nodes":383,"edges":390},[384,387],{"id":367,"type":368,"label":385,"file":133,"line":386},"$_GET['redirect_to']",546,{"id":372,"type":373,"label":388,"file":133,"line":386,"wp_function":389},"wp_redirect() [Open Redirect]","wp_redirect",[391],{"from":367,"to":372,"sanitized":378},{"entryPoint":393,"graph":394,"unsanitizedCount":359,"severity":379},"insert_new_user (SMConnect.php:886)",{"nodes":395,"edges":400},[396,398],{"id":367,"type":368,"label":369,"file":133,"line":397},990,{"id":372,"type":373,"label":388,"file":133,"line":399,"wp_function":389},992,[401],{"from":367,"to":372,"sanitized":378},{"entryPoint":403,"graph":404,"unsanitizedCount":359,"severity":379},"request_token (SMConnect.php:1432)",{"nodes":405,"edges":411},[406,409],{"id":367,"type":368,"label":407,"file":133,"line":408},"$_COOKIE",1440,{"id":372,"type":373,"label":388,"file":133,"line":410,"wp_function":389},1445,[412],{"from":367,"to":372,"sanitized":378},{"entryPoint":414,"graph":415,"unsanitizedCount":470,"severity":379},"\u003CSMConnect> (SMConnect.php:0)",{"nodes":416,"edges":459},[417,419,420,424,429,431,433,435,437,439,441,445,449,451,454,457],{"id":367,"type":368,"label":418,"file":133,"line":370},"$_GET (x2)",{"id":372,"type":373,"label":374,"file":133,"line":286,"wp_function":375},{"id":421,"type":368,"label":422,"file":133,"line":423},"n2","$_POST",388,{"id":425,"type":373,"label":426,"file":133,"line":427,"wp_function":428},"n3","update_option() [Settings 
Manipulation]",526,"update_option",{"id":430,"type":368,"label":385,"file":133,"line":386},"n4",{"id":432,"type":373,"label":388,"file":133,"line":386,"wp_function":389},"n5",{"id":434,"type":368,"label":369,"file":133,"line":397},"n6",{"id":436,"type":373,"label":388,"file":133,"line":399,"wp_function":389},"n7",{"id":438,"type":368,"label":407,"file":133,"line":408},"n8",{"id":440,"type":373,"label":388,"file":133,"line":410,"wp_function":389},"n9",{"id":442,"type":368,"label":443,"file":133,"line":444},"n10","$_POST (x2)",516,{"id":446,"type":447,"label":448,"file":133,"line":444},"n11","transform","→ update_config()",{"id":450,"type":373,"label":426,"file":133,"line":427,"wp_function":428},"n12",{"id":452,"type":368,"label":369,"file":133,"line":453},"n13",1873,{"id":455,"type":447,"label":456,"file":133,"line":453},"n14","→ _body()",{"id":458,"type":373,"label":374,"file":133,"line":300,"wp_function":375},"n15",[460,462,463,464,465,466,467,468,469],{"from":367,"to":372,"sanitized":461},true,{"from":421,"to":425,"sanitized":461},{"from":430,"to":432,"sanitized":461},{"from":434,"to":436,"sanitized":461},{"from":438,"to":440,"sanitized":461},{"from":442,"to":446,"sanitized":378},{"from":446,"to":450,"sanitized":378},{"from":452,"to":455,"sanitized":378},{"from":455,"to":458,"sanitized":378},3,{"summary":472,"deductions":473},"The \"social-medias-connect\" v2.0.16 plugin exhibits a mixed security posture. On one hand, the absence of known CVEs and unpatched vulnerabilities in its history suggests a generally stable and well-maintained codebase. The use of prepared statements for all SQL queries and a single capability check are positive indicators of secure coding practices. However, significant concerns arise from the static analysis. The most alarming finding is that 100% of the identified output operations (18% of total outputs) are not properly escaped. 
This presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the website's content. Furthermore, all five analyzed taint flows resulted in unsanitized paths, indicating potential vulnerabilities in how external data is processed, although no critical or high-severity issues were flagged in this specific analysis.\n\nThe plugin's attack surface appears minimal with zero entry points identified, which is a strong positive. However, the lack of nonce checks on any of its zero AJAX handlers is a missed opportunity for crucial security protection against Cross-Site Request Forgery (CSRF) attacks if any AJAX functionality were to be added or exist without explicit checks. The single file operation also warrants attention, as its context is not provided and could be a vector if not handled securely. The vulnerability history, being entirely empty, is excellent, but it does not negate the identified static code weaknesses that could lead to future vulnerabilities.",[474,477,479,482],{"reason":475,"points":476},"18% of outputs are not properly escaped",8,{"reason":478,"points":213},"All 5 taint flows have unsanitized paths",{"reason":480,"points":481},"No nonce checks on AJAX handlers",5,{"reason":483,"points":201},"One file operation 
found","2026-03-17T00:16:59.566Z",{"wat":486,"direct":497},{"assetPaths":487,"generatorPatterns":491,"scriptPaths":492,"versionParams":493},[488,489,490],"\u002Fwp-content\u002Fplugins\u002Fsocial-medias-connect\u002Fcss\u002Fsmc-admin.css","\u002Fwp-content\u002Fplugins\u002Fsocial-medias-connect\u002Fjs\u002Fsmc-admin.js","\u002Fwp-content\u002Fplugins\u002Fsocial-medias-connect\u002Fcss\u002Fsmc-style.css",[],[],[494,495,496],"social-medias-connect\u002Fcss\u002Fsmc-admin.css?s=","social-medias-connect\u002Fjs\u002Fsmc-admin.js?s=","social-medias-connect\u002Fcss\u002Fsmc-style.css?s=",{"cssClasses":498,"htmlComments":500,"htmlAttributes":504,"restEndpoints":507,"jsGlobals":508,"shortcodeOutput":510},[499],"smc-admin-css",[501,502,503],"\u003C!-- start social medias connect V","-->\n","\u003C!-- end social medias connect V",[505,506],"smcRedirect_uri","smcWeibo",[],[509],"window.smcAction",[]]